[systemd-devel] IPv6 forwarding inside systemd-nspawn containers

Lennart Poettering lennart at poettering.net
Tue Jun 14 11:55:51 UTC 2016


On Mon, 13.06.16 14:33, Egor M. (dsx+systemd-devel at droidnest.org) wrote:

> Hello Lennart.
> 
> I made more tests, it looks like networking controls are indeed properly
> namespaced.
> 
> I don't know what PR means in this context, so can't make it.

I actually meant an issue, not a PR.

https://github.com/systemd/systemd/issues/new

> 
> On Fri, Jun 10, 2016 at 03:18:10PM +0200, Lennart Poettering wrote:
> > On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-devel at droidnest.org) wrote:
> > 
> > > Hello.
> > > 
> > > How to enable IPv6 forwarding in systemd-nspawn containers? I have a container
> > > with network-bridge (--network-bridge=br0). Despite
> > > net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> > > forwarding is still disabled inside container, while IPv4 forwarding inherited
> > > correctly from host system and works just fine.
> > 
> > Hmm, did I grok this right, you want to enable IPv4 forwarding inside
> > the container, so that the container acts as router?
> > 
> > Currently nspawn will mount all of /proc/sys read-only, under the
> > assumption that these sysctls are not namespaced. Are you saying the
> > networking controls are correctly namespaced, and thus can be set to
> > different values from the host without interfering with it? If so, we
> > should probably mount /proc/sys/net writable after all.
> > 
> > If so, could you please file a PR about this, and we'll make the
> > change in upstream nspawn.
> > 
> > For now though you can just make /proc/sys/net writable manually and
> > then set the right sysctl there...
> > 
> > Lennart
> > 
> > -- 
> > Lennart Poettering, Red Hat
> 
> -- 
> Egor M.
> 


Lennart

-- 
Lennart Poettering, Red Hat
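
An added example, not part of the thread and not systemd code: a shell check to run inside a container that reports whether the mount covering the forwarding sysctls is read-only, the state the thread describes for /proc/sys under nspawn. The function names and the `sample_mountinfo` data are constructed for illustration, and longest-mount-point matching is a simplification of how the kernel stacks mounts.

```shell
#!/bin/sh
# Added example (not from the thread): is the mount covering a sysctl path ro or rw?

# Constructed sample of /proc/self/mountinfo with /proc/sys mounted read-only.
sample_mountinfo() {
    cat <<'EOF'
100 90 0:50 / / rw,relatime - btrfs /dev/sda1 rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 101 0:51 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# mount_mode PATH [MOUNTINFO_FILE|-] -> prints "ro", "rw" or "unknown"
mount_mode() {
    awk -v target="$1" '
    {
        mp = $5; opts = $6        # field 5: mount point, field 6: per-mount options
        # A mount covers target if it is "/", the path itself, or a parent directory.
        covers = (mp == "/" || target == mp || index(target, mp "/") == 1)
        # Longest mount point wins; on a tie the later line wins (stacked mounts).
        if (covers && length(mp) >= best) {
            best = length(mp)
            mode = (("," opts ",") ~ /,ro,/) ? "ro" : "rw"
        }
    }
    END { print (mode == "" ? "unknown" : mode) }
    ' "${2:-/proc/self/mountinfo}"
}

# forwarding_report [PROC_ROOT] [MOUNTINFO_FILE]
# Prints each forwarding sysctl with its current value and the mode of its mount.
forwarding_report() {
    root="${1:-/proc}"
    for key in net/ipv4/ip_forward net/ipv6/conf/all/forwarding; do
        val=$(cat "$root/sys/$key" 2>/dev/null || echo "n/a")
        echo "$key=$val mount=$(mount_mode "/proc/sys/$key" "$2")"
    done
}

# Run with --report inside the container to inspect the live /proc.
if [ "${1:-}" = "--report" ]; then
    forwarding_report
fi
```

A result of `mount=ro` for the net/ keys means writes to those sysctls will fail from inside the container regardless of the values set on the host.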

